CENTRAL FAX CENTER

JUL 20 2006

AMENDMENTS TO THE CLAIMS

1. (Currently Amended) A cryptographic method, including:
generating, at a first entity, a first public key Mb, the first public key Mb being session specific;
receiving, at the first entity, a second public key Ma, the second public key Ma being session specific;
generating, at the first entity, a first session key Kb and a first secret Sb, the first session key Kb being different from the first secret Sb, both the first session key Kb and the first secret Sb being computed from the second public key Ma;
encrypting, at the first entity, a first random nonce Nb with the first session key Kb or the first secret Sb to obtain a first encrypted result;
encrypting, at the first entity, the first encrypted result with the other one of the first session key Kb or the first secret Sb to obtain an encrypted random nonce;
transmitting the encrypted random nonce from the first entity to the second entity;
receiving a response to the encrypted random nonce; and
authenticating through determining whether the response includes a correct modification of the first random nonce Nb.

2. (Currently Amended) The method of claim 1 wherein said encrypting the first random nonce includes:
generating the first secret Sb from at least a first password Pb and the first public key Mb.
3. (Currently Amended) The method of claim 1 wherein authenticating through determining whether the response includes a correct modification of the first random nonce Nb includes:
checking whether a received modification of the first random nonce Nb equals a modification of the first random nonce applied by the first entity.

4. (Previously Presented) The method of claim 1 wherein said authenticating includes:
checking whether a received modification of the first random nonce less a modification thereof as applied thereto by the first entity equals the first random nonce.

5. (Previously Presented) The method of claim 1 wherein generating the first session key Kb includes:
generating a first random number Rb, and
computing the first session key Kb from the second public key Ma raised to the exponential power of the first random number Rb, modulo a parameter Bb.

6. (Currently Amended) The method of claim 1 wherein the first secret Sb is generated using a combining function fb on at least a first password Pb and the first public key Mb.


7. (Previously Presented) The method of claim 6 wherein the first secret Sb is generated using the combining function fb on the first password Pb and the second public key Ma and the first public key Mb.

8. (Currently Amended) The method of claim 1 wherein said generating the first secret Sb includes:
combining the second public key Ma and the first public key Mb with the first password Pb to produce a first result, and
hashing the first result with a secure hash.
9. (Original) The method of claim 8 wherein the secure hash is a one-way hash function.

10. (Original) The method of claim 9 wherein the one-way hash function is one of the Secure Hash Algorithm, the Message Digest 5, Snefru, Nippon Telephone and Telegraph Hash, and the Gosudarstvennyi Standard.



11. (Currently Amended) The method of claim 1 wherein said generating the first secret Sb includes:
combining the first password Pb and at least one of the second public key Ma and the first public key Mb to generate a first combined result, and
combining the first combined result and at least one of the second public key Ma, the password Pb, and the first public key Mb to generate a second combined result.

12. (Previously Presented) The method of claim 1 wherein the first random nonce Nb is encrypted using a symmetrical encryption algorithm.



13. (Original) The method of claim 12, wherein the symmetrical encryption algorithm is one 
of the Data Encryption Standard and the block cipher CAST. 

14. (Currently Amended) The method of claim 1 wherein encrypting the first random nonce Nb includes superencrypting the first random nonce Nb.

15. (Previously Presented) The method of claim 14, wherein superencrypting the first random nonce Nb includes:
encrypting the first random nonce Nb with the first secret Sb to produce the first encrypted result; and
encrypting the first encrypted result using the first session key Kb.

16. (Previously Presented) The method of claim 15 wherein said authenticating includes:
decrypting the response using the first session key Kb to generate a first decrypted result; and
decrypting the first decrypted result using the first secret Sb.

17. (Currently Amended) The method of claim 1, wherein the response includes a combination of a second random nonce and a modification of the first random nonce; and wherein the method further includes:
extracting the second random nonce Na from the response;
modifying the second random nonce Na to obtain a modified second random nonce;
encrypting the modified second random nonce using the first session key Kb and the first secret Sb to obtain an encrypted package; and
transmitting the encrypted package from the first entity.

18. (Previously Presented) The method of claim 17 wherein said encrypting the modified second random nonce includes:
generating a string of random bits;
encrypting a combination of the string of random bits and the modified second random nonce using the first secret Sb to generate a first result; and
encrypting the first result using the first session key Kb.

19. (Previously Presented) The method of claim 17 wherein the encrypted package is transmitted for authentication of the first entity in opening a two-way communication channel.



20. (Currently Amended) A computer readable storage medium containing executable computer program instructions which, when executed, cause a first computer system to perform a cryptographic method including:
generating, at the first computer system, a first public key Mb, the first public key Mb being session specific;
receiving, at the first computer system, a second public key Ma, the second public key Ma being session specific;
generating, at the first computer system, a first session key Kb and a first secret Sb, the first session key Kb being different from the first secret Sb, both the first session key Kb and the first secret Sb being computed from the second public key Ma;
encrypting, at the first computer system, a first random nonce Nb with the first session key Kb or the first secret Sb to obtain a first encrypted result;
encrypting, at the first computer system, the first encrypted result with the other one of the first session key Kb or the first secret Sb to obtain an encrypted random nonce;
transmitting the encrypted random nonce from the first computer system to the second computer system; and
authenticating through determining whether a response to the encrypted random nonce includes a correct modification of the first random nonce Nb.

21. (Currently Amended) A distributed readable storage medium containing executable computer program instructions which, when executed, cause a first computer system and a second computer system to perform a computer cryptographic method through a network, the method comprising:
generating at the first computer system a first public key Mb, the first public key Mb being session specific;
generating at the second computer system a second public key Ma, the second public key Ma being session specific;
receiving at the first computer system the second public key Ma;
generating at the first computer system a session key Kb and a first secret Sb, the session key Kb being different from the first secret Sb, both the session key Kb and the first secret Sb being computed from the second public key Ma;
generating at the first computer system a first random nonce Nb;


004860.P2441

PAGE 10/21 * RCVD AT 7/20/2006 8:04:01 PM [Eastern Daylight Time] * SVR:USPTO-EFXRF-2/6 * DNIS:2738300 * CSID:3108205270 * DURATION (mm-ss):23-06

Jul-20-06 05:07pm From-BSTZ 310 820 5270 T-204 P.011/021 F-917




encrypting at the first computer system the first random nonce Nb with the session key Kb or the first secret Sb to obtain a first encrypted result;
encrypting at the first computer system the first encrypted result with the other one of the session key Kb or the first secret Sb to obtain an encrypted random nonce;
transmitting the encrypted random nonce and the first public key Mb from the first computer system to the second computer system to establish the session key at the second computer system;
receiving at the first computer system from the second computer system a response to the encrypted random nonce; and
authenticating the second computer system at the first computer system through determining whether the response includes a correct modification of the first random nonce Nb.

22. (Currently Amended) A computer system for performing a cryptographic method through a network, the computer system comprising:
a processor;
a network interface coupled to the network and coupled to the processor, the network interface to receive a request including information on a user identification; and
a storage device coupled to the processor, the storage device to store a user password corresponding to the user identification, and wherein the processor is to perform a method, including:
receiving a second public key Ma through the network interface, the second public key Ma being session specific;
generating a first session key Kb and a first secret Sb, the session key Kb being different from the first secret Sb, both the session key Kb and the first secret Sb being computed from the second public key Ma;
generating a first public key Mb, the first public key Mb being session specific;
generating a first random nonce Nb;
encrypting the first random nonce Nb with the session key Kb or the first secret Sb to obtain a first encrypted result;
encrypting the first encrypted result with the other one of the session key Kb or the first secret Sb to obtain an encrypted random nonce;
transmitting the encrypted random nonce and the first public key Mb through the network interface; and
authenticating through determining whether a response to the encrypted random nonce includes a correct modification of the first random nonce.

23. (Previously Presented) The computer system of claim 22 wherein the network is a 
network operating according to a hypertext transfer protocol; and the first public key Mb 
is transmitted with the encrypted random nonce for session key exchange. 

24. (Currently Amended) A cryptographic method, comprising:
receiving at a first entity a second public key Ma and an encrypted second random number;
generating a first session key Kb and a first secret Sb, the session key Kb being different from the first secret Sb, both the session key Kb and the first secret Sb being computed from the second public key Ma;
decrypting, using at least a first password Pb and the first session key Kb, to retrieve a second random number Na from the encrypted second random number;
modifying the second random number Na to obtain a modified second random number;
encrypting the modified second random number with the first session key Kb or the first secret Sb to obtain a first encrypted result;
encrypting the first encrypted result with the other one of the first session key Kb or the first secret Sb to obtain an encrypted random package; and
transmitting the encrypted random package from the first entity.
25. (Currently Amended) The method of claim 24, wherein said decrypting includes:
decrypting the encrypted second random number using the first session key Kb to generate a first decrypted result; and
decrypting the first decrypted result using at least the first password Pb and the second public key Ma.

26. (Previously Presented) The method of claim 24 wherein said generating the first session key Kb includes:
generating a first random number Rb, and
computing the first session key Kb from the second public key Ma raised to the exponential power of the first random number Rb, modulo a parameter Bb.

27. (Previously Presented) The method of claim 24 wherein said decrypting further includes:
generating at the first entity a first public key Mb; and
generating a first secret Sb using a combining function fb on at least the first password Pb and the first public key Mb.

28. (Previously Presented) The method of claim 27 wherein said decrypting includes 
decrypting the encrypted second random number using at least the first secret Sb and the 
first session key Kb. 

29. (Previously Presented) The method of claim 27 wherein said generating the first secret Sb 
includes: 

combining the first public key Mb with the first password Pb to produce a first result, and 
hashing the first result with a secure hash.

30. (Original) The method of claim 29 wherein the secure hash is a one-way hash function.

31. (Original) The method of claim 30 wherein the one-way hash function is one of the Secure Hash Algorithm, the Message Digest 5, Snefru, Nippon Telephone and Telegraph Hash, and the Gosudarstvennyi Standard.
32. (Previously Presented) The method of claim 27 wherein said generating the first secret Sb includes:
combining the first password Pb and the first public key Mb to generate a first combined result, and
combining the first combined result and at least one of the second public key Ma, the first password Pb, and the first public key Mb to generate the first secret Sb.

33. (Previously Presented) The method of claim 24, wherein said encrypting the modified second random number includes superencrypting the modified second random number.

34. (Previously Presented) The method of claim 24, further including:
generating a first random number Nb; and
wherein said encrypting the modified second random number includes:
encrypting a combination of the first random number Nb and the modified second random number.



35. (Previously Presented) The method of claim 34 which further includes:
receiving at the first entity a response to the encrypted random package;
decrypting the response to obtain a combination of a string of random bits and a modified first random nonce;
retrieving the modified first random nonce from the combination of the string of random bits and the modified first random nonce; and
determining whether the modified first random nonce was correctly modified from the first random number Nb.

36. (Previously Presented) The method of claim 35 wherein said determining whether the modified first random nonce was correctly modified includes:
checking whether the modified first random nonce equals a modification of the first random nonce as applied to the first random nonce by the first entity.

37. (Previously Presented) The method of claim 35 wherein said determining whether the modified first random nonce was correctly modified includes:
checking whether the modified first random nonce less a modification thereof as applied thereto by the first entity equals the first random nonce.



38. (Currently Amended) A computer readable storage medium containing executable computer program instructions which, when executed, cause a first computer system to perform a cryptographic method including:
receiving at the first computer system a second public key Ma and an encrypted second random number;
generating a first session key Kb and a first secret Sb, the session key Kb being different from the first secret Sb, both the session key Kb and the first secret Sb being computed from the second public key Ma;
decrypting, using at least a first password Pb and the first session key Kb, to retrieve the second random number Na from the encrypted second random number;
modifying the second random number Na to obtain a modified second random number;
encrypting the modified second random number with the first session key Kb or the first secret Sb to obtain a first encrypted result;
encrypting the first encrypted result with the other one of the first session key Kb or the first secret Sb to obtain an encrypted random package; and
transmitting the encrypted random package from the first computer system for authentication.

39. (Currently Amended) A distributed readable storage medium containing executable computer program instructions which, when executed, cause a first computer system and a second computer system to perform a cryptographic method through a network, the method including:
receiving, from the second computer system and at the first computer system, a second public key Ma and an encrypted second random number;
generating a first session key Kb and a first secret Sb, the session key Kb being different from the first secret Sb, both the session key Kb and the first secret Sb being computed from the second public key Ma;
decrypting, using at least a first password Pb and the first session key Kb, to retrieve a second random number Na from the encrypted second random number;
modifying the second random number Na to obtain a modified second random number;
encrypting the modified second random number with the first session key Kb or the first secret Sb to obtain a first encrypted result;
encrypting the first encrypted result with the other one of the first session key Kb or the first secret Sb to obtain an encrypted random package; and
transmitting the encrypted random package from the first computer system to the second computer system.

40. (Currently Amended) A computer system for performing a cryptographic method through a network, the computer system comprising:
a processor;
a network interface coupled to the network and coupled to the processor, the network interface to receive a request including information on a user identification; and
a storage device coupled to the processor, the storage device to store a user password associated with the user identification, and wherein the processor is to perform a method, including:
generating a first public key Mb;
receiving a second public key Ma and an encrypted second random number through the network interface;
generating a first session key Kb and a first secret Sb, the session key Kb being different from the first secret Sb, both the session key Kb and the first secret Sb being computed from the second public key Ma;
decrypting, using at least a first password Pb and the first session key Kb, to retrieve the second random number Na from the encrypted second random number;
modifying the second random number to obtain a modified second random number;



encrypting the modified second random number with the first session key Kb or the first secret Sb to obtain a first encrypted result;
encrypting the first encrypted result with the other one of the first session key Kb or the first secret Sb to obtain an encrypted random package; and
transmitting the encrypted random package through the network interface.

41. (Previously Presented) The computer system of claim 40 wherein the network is a network operating according to a hypertext transfer protocol; and the first public key Mb is transmitted for session key exchange before the encrypted second random number is received.
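The following Python program is an added illustration of the exchange recited in claims 1-19 (the entity that sends the superencrypted nonce Nb) and claims 24-37 (the entity that decrypts it, answers with its own nonce and the modified Nb, and finally checks the modified Na); it is not part of the applicant's filing or any implementation of it. It fixes choices the claims leave open, all of which are assumptions: SHA-256 as the one-way hash of claims 10 and 31, a SHA-256 counter keystream XOR as a stand-in for the DES/CAST symmetric algorithm of claim 13, the modification f(N) = N + 1 mod 2^128, and a 127-bit Mersenne prime with generator 2 as the Diffie-Hellman parameter Bb (toy values, not for deployment).

```python
"""Added illustration of the claimed exchange (not the applicant's code).

B plays the "first entity" of claims 1-19: it generates Mb, receives Ma and
sends the superencrypted nonce Nb.  A plays the "first entity" of claims
24-37: it decrypts that nonce, answers with Na || f(Nb) and checks f(Na).
"""
import hashlib
import secrets

# Assumption: the claims leave the modulus Bb and generator open.  A 127-bit
# Mersenne prime keeps the demo fast; use a standard 2048-bit group for real.
P = (1 << 127) - 1
G = 2
P_BYTES = (P.bit_length() + 7) // 8
NONCE_BYTES = 16


def h(*parts: bytes) -> bytes:
    """One-way hash over length-prefixed parts (SHA-256 stands in for the
    hash families listed in claims 10 and 31)."""
    d = hashlib.sha256()
    for part in parts:
        d.update(len(part).to_bytes(4, "big") + part)
    return d.digest()


def xor_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in for the DES/CAST symmetric algorithm of claim 13: XOR with a
    SHA-256 counter keystream, so encryption and decryption are the same."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(key + off.to_bytes(4, "big")).digest()
        out.extend(x ^ y for x, y in zip(data[off:off + 32], block))
    return bytes(out)


def superencrypt(secret: bytes, session_key: bytes, plaintext: bytes) -> bytes:
    """Claim 15: inner layer under the secret S, outer layer under K."""
    return xor_cipher(session_key, xor_cipher(secret, plaintext))


def superdecrypt(secret: bytes, session_key: bytes, ciphertext: bytes) -> bytes:
    """Claim 16: strip the K layer, then the S layer."""
    return xor_cipher(secret, xor_cipher(session_key, ciphertext))


def modify(nonce: bytes) -> bytes:
    """Assumed modification f(N) = N + 1 mod 2^128; claims 4 and 37 only need
    the receiver to be able to subtract it back out."""
    n = (int.from_bytes(nonce, "big") + 1) % (1 << (8 * NONCE_BYTES))
    return n.to_bytes(NONCE_BYTES, "big")


class Party:
    """One endpoint: the shared password, a session-specific DH key pair
    (claim 5) and a fresh random nonce."""

    def __init__(self, password: bytes):
        self.password = password
        self.r = secrets.randbelow(P - 2) + 1          # private exponent R
        self.M = pow(G, self.r, P)                     # session public key M
        self.nonce = secrets.token_bytes(NONCE_BYTES)  # random nonce N
        self.K = self.S = None

    def derive(self, peer_M: int, Ma: int, Mb: int) -> None:
        # Claims 5/26: K = peer_M ^ R mod Bb.  K never involves the password.
        shared = pow(peer_M, self.r, P).to_bytes(P_BYTES, "big")
        self.K = hashlib.sha256(shared).digest()
        # Claims 8/32: S = hash(Ma || Mb || password).
        self.S = h(Ma.to_bytes(P_BYTES, "big"), Mb.to_bytes(P_BYTES, "big"), self.password)


def run_protocol(a: Party, b: Party) -> tuple:
    """Four-message run; returns (B authenticated A, A authenticated B)."""
    # Message 1, A -> B: Ma.  B derives Kb and Sb (claim 1).
    b.derive(a.M, a.M, b.M)
    # Message 2, B -> A: Mb together with E_Kb(E_Sb(Nb)) (claims 15, 23).
    msg2 = superencrypt(b.S, b.K, b.nonce)
    # A derives its keys from Mb and decrypts the nonce (claims 24, 25).
    a.derive(b.M, a.M, b.M)
    nb_at_a = superdecrypt(a.S, a.K, msg2)
    # Message 3, A -> B: E_K(E_S(Na || f(Nb))) (claims 17, 34).
    msg3 = superencrypt(a.S, a.K, a.nonce + modify(nb_at_a))
    # B checks f(Nb) against its own nonce (claim 3) and extracts Na (claim 17).
    plain = superdecrypt(b.S, b.K, msg3)
    na_at_b, f_nb = plain[:NONCE_BYTES], plain[NONCE_BYTES:]
    if f_nb != modify(b.nonce):
        return False, False                  # B aborts; A gets no valid reply
    # Message 4, B -> A: E_K(E_S(random bits || f(Na))) (claim 18).
    msg4 = superencrypt(b.S, b.K, secrets.token_bytes(8) + modify(na_at_b))
    # A discards the random bits and checks f(Na) (claims 35, 36).
    a_ok = superdecrypt(a.S, a.K, msg4)[-NONCE_BYTES:] == modify(a.nonce)
    return True, a_ok


if __name__ == "__main__":
    print(run_protocol(Party(b"shared-password"), Party(b"shared-password")))
    print(run_protocol(Party(b"shared-password"), Party(b"guessed-wrong")))
```

Run stand-alone, the program reports (True, True) for two parties holding the same password and (False, False) when the passwords differ: the Diffie-Hellman layer agrees either way, so only the password-derived inner layer fails, which is what claims 3 and 36 detect. The property the construction leans on is visible in the code: Nb is uniformly random and Kb does not depend on the password, so an attacker who supplies his own Ma can strip the outer layer but is left with E_Sb(Nb) and nothing to compare a password guess against. A nonce with fixed structure, or a cipher whose decryption reveals padding or format errors, would turn that message into an offline dictionary oracle.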